
9 matches found

Snyk
added 2026/04/22 2:52 p.m., 6 views

Insecure Default Initialization of Resource

Overview engramx is a The context spine for AI coding agents. 9 built-in providers + mcpConfig plugin contract wrap any MCP server in 10 lines, generic MCP-client aggregator stdio, pre-mortem mistake-guard, bi-temporal mistake memory, Anthropic Auto-Memory bridge, SSE stre Affected versions of th...

8.6 CVSS, 5.8 AI score
Exploits: 0, References: 5
CVE
added 2026/03/30 7:7 p.m., 10 views

CVE-2026-21711

Mode C Insight: CVE-2026-21711 (Node.js) affects Node.js 25.x processes using the Permission Model where --allow-net is omitted. The vulnerability allows a Unix Domain Socket (UDS) server to operate without the required permission checks, enabling IPC endpoints to be created/exposed locally outsi...

5.3 CVSS, 6 AI score, 0.00004 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/28 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-21711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all...

5.3 CVSS, 6.8 AI score, 0.00004 EPSS
Exploits: 0, References: 2
OSV
added 2026/01/08 1:57 p.m., 2 views

CVE-2026-21885 Miniflux Media Proxy SSRF via /proxy endpoint allows access to internal network resources

Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint GET /proxy/encodedDigest/encodedURL can be abused to perform Server-Side Request Forgery (SSRF). An authenticated user can cause Miniflux to generate a signed proxy URL for attacker-chosen media URLs...

6.5 CVSS, 6.7 AI score, 0.00054 EPSS
Exploits: 1, References: 3
RedhatCVE
added 2026/01/08 8:55 a.m., 1 view

CVE-2025-9611

Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

7.2 CVSS, 6.6 AI score, 0.00379 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/01/07 4:24 a.m., 28 views

CVE-2025-9611 Microsoft Playwright MCP Server < 0.0.40 DNS Rebinding via Missing Origin Header Validation

Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and send unauthorized requests to a locally running MCP server, resulting in unintended...

7.2 CVSS, 0.00379 EPSS
Exploits: 0, References: 3
CVE
added 2026/01/07 4:24 a.m., 19 views

CVE-2025-9611

Microsoft Playwright MCP Server prior to version 0.0.40 is vulnerable due to missing Origin header validation, enabling DNS rebinding attacks that can trigger unauthorized requests to locally running MCP tool endpoints. Affected software: MCP Server versions

7.2 CVSS, 6.3 AI score, 0.00379 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/01/07 12:0 a.m., 4 views

PT-2026-1558

Name of the Vulnerable Software and Affected Versions: Microsoft Playwright MCP Server versions prior to 0.0.40. Description: The software does not properly validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via a victim’s web browser and se...

7.2 CVSS, 6.5 AI score, 0.00379 EPSS
Exploits: 0, References: 6
OSV
added 2023/02/20 5:15 p.m., 1 view

UBUNTU-CVE-2022-48321

Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk = 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API...

6.8 CVSS, 5.8 AI score, 0.00098 EPSS
Exploits: 2, References: 3